1. Introduction

Aries – Società consortile a r.l. della Camera di Commercio Venezia Giulia
Piazza della Borsa 14, 34121 Trieste
takes the user's privacy seriously and is committed to respecting it. This privacy policy ("Privacy Policy") outlines the processing activities of personal data carried out through http://www.oliocapitale.it/ and the related commitments made by the Company in this regard.
Aries may process the user's personal data when they visit the Site and use the services and features available on the Site.
In sections of the Site where the user’s personal data is collected, a specific notice pursuant to Articles 13/15 of EU Regulation 2016/679 is typically published. Where required by EU Regulation 2016/679, the user's consent will be requested before proceeding with the processing of their personal data.
If the user provides personal data of third parties, they must ensure that the communication of data to Aries and its subsequent processing for the purposes specified in the applicable privacy notice is in compliance with EU Regulation 2016/679 and applicable law.

1. Identifying details of the data controller, processor, and DPO
2. The Data Controller is Aries – Società consortile a r.l. della Camera di Commercio Venezia Giulia
3. Piazza della Borsa 14, 34121 Trieste
4. The Processor is Dr. Patrizia Andolfatto, email: patrizia.andolfatto@ariestrieste.it
5. The DPO is Dr. Paolo Visintin, email: dpo@ariestrieste.it
6. Types of data processed
7. Visiting and browsing the Site generally does not involve the collection and processing of personal data, except for navigation data and cookies as specified below. In addition to the so-called "navigation data," personal data voluntarily provided by the user may be processed when they interact with the Site’s features or request to use the services offered on the Site. In compliance with the Privacy Code, the Company may also collect the user's personal data from third parties while performing its activities.
8. Cookies and navigation data
9. The Site uses "cookies." By using the Site, the user agrees to the use of cookies in accordance with this Privacy Policy. Cookies are small files stored on the user’s computer’s hard drive. There are two main categories of cookies: technical cookies and profiling cookies. Technical cookies are necessary for the proper functioning of a website and to allow user navigation. Profiling cookies are used to create user profiles in order to send advertising messages aligned with the preferences expressed by the user during browsing. Cookies can also be classified as:

• "Session cookies," which are immediately deleted when the user closes the browser;
• "Persistent cookies," which remain in the browser for a set period of time. These are used, for example, to recognize the device connecting to the site, facilitating authentication operations for the user;
• "First-party cookies," generated and managed directly by the website’s operator;
• "Third-party cookies," generated and managed by parties other than the website’s operator.

1. Cookies used on the site
2. The Site uses the following types of cookies:
3. Technical cookies, necessary for the functioning of the site and non-persistent;
4. Tracking cookies, such as Google Analytics, integrated with IP address anonymization, through which Aries can conduct statistical analysis of site visits. The cookies used serve solely statistical purposes and collect information in an aggregated form. Through a pair of cookies, one persistent and the other session-based (expiring when the browser is closed), Google Analytics also logs the start and exit times of the visit to the Site. Users can prevent Google from collecting data through cookies and processing the data by downloading and installing the browser plugin from the following link: http://tools.google.com/dlpage/gaoptout?hl=en
5. The Site may contain links to other websites (so-called third-party sites). Aries does not access or control cookies, web beacons, and other tracking technologies that may be used by third-party sites accessible from the Site; the company does not control the content and materials published by or obtained from third-party sites, nor the ways in which personal data is processed by such third parties, and expressly disclaims any related responsibility. The user is required to check the privacy policy of third-party sites they access via the Site and inform themselves about the conditions applicable to the processing of their personal data. This Privacy Policy applies only to the Site as defined above.
6. How to disable cookies in browsers
7. There are various ways to manage cookies and other tracking technologies. By changing the browser settings, you can accept or reject cookies or decide to receive a warning message before accepting cookies from visited websites.
8. We remind you that completely disabling cookies in the browser may prevent you from using all our interactive features.
9. If you use multiple computers in different locations, make sure each browser is set to meet your preferences. You can delete all cookies installed in the cookie folder of your browser.
10. Each browser has different procedures for managing settings. Click on one of the links below to get specific instructions.
11. Microsoft Windows Explorer
12. Google Chrome
13. Mozilla Firefox
14. Apple Safari
15. If you do not use any of the browsers listed above, select "cookies" in the relevant help section to find your cookie folder.
16. Retention of personal data
17. Personal data is stored and processed through computer systems owned by the company, managed by the company itself or by third-party technical service providers.
18. Purpose, legal basis, and methods of data processing
19. Aries may process the user's common and sensitive personal data for the following purposes: use of services and features available on the Site, handling requests and reports from users, sending newsletters, managing applications received through the Site, etc. Moreover, with the additional and specific optional consent of the user, Aries may process personal data for marketing purposes, such as sending promotional materials and/or commercial communications regarding the Company’s services to the user’s contact details, through both traditional means (e.g., postal mail, phone calls with an operator) and automated means (e.g., communications via the internet, fax, email, SMS, mobile applications such as smartphones and tablets - so-called apps, social network accounts - e.g., via Facebook or Twitter, automatic phone calls, etc.). Personal data is processed both in paper and electronic form and entered into the company’s information system in full compliance with EU Regulation 2016/679, including security and confidentiality profiles, adhering to the principles of fairness and lawfulness of processing. In accordance with EU Regulation 2016/679, data is stored and retained by the company.
20. The legal basis for processing is contractual, based on consent, or due to legal obligations.
21. Security and quality of personal data
22. Aries is committed to protecting the security of the user's personal data and complies with the security provisions provided by applicable regulations to avoid data loss, unlawful or illegal use of data, and unauthorized access to it, with particular reference to the Technical Regulations on minimum security measures. Additionally, the information systems and software programs used by the company are configured to minimize the use of personal and identifying data; such data is processed only to achieve the specific purposes pursued from time to time. The company uses multiple advanced security technologies and procedures to ensure the protection of users' personal data; for example, personal data is stored on secure servers located in access-controlled and protected areas.
23. Scope of data communication and access
24. The user’s personal data may be communicated to:

• All subjects whose access to such data is granted by law;
• Our collaborators, employees, within the scope of their respective duties;
• Any natural and/or legal persons, public and/or private, when the communication is necessary or functional to the performance of our activity and in the ways and for the purposes outlined above.

1. Nature of the provision of personal data
2. The provision of certain personal data by the user is mandatory to allow the Company to manage communications, requests received from the user, or to contact the user to follow up on their request. These data are marked with an asterisk [*], and in such cases, provision is mandatory for the Company to fulfill the request; otherwise, the request cannot be processed. On the other hand, the collection of other data not marked with an asterisk is optional, and failure to provide them will not result in any consequences for the user. The provision of personal data by the user for marketing purposes, as specified in the "Purposes and methods of data processing" section, is optional, and refusal to provide them will not have any consequences. Consent given for marketing purposes extends to the sending of communications via both automated and traditional means, as exemplified above.
3. Rights of the data subject
4. 12.1 Art. 15 (Right of access), 16 (Right of rectification) of EU Regulation 2016/679
5. The data subject has the right to obtain from the data controller confirmation of whether or not their personal data is being processed, and, if so, to access the personal data and the following information:
6. a) The purposes of processing;
7. b) The categories of personal data concerned;
8. c) The recipients or categories of recipients to whom the personal data have been or will be communicated, particularly if recipients are in third countries or international organizations;
9. d) The retention period for personal data or, if not possible, the criteria used to determine such period;
10. e) The existence of the right to request from the data controller the rectification or deletion of personal data or the restriction of processing of personal data concerning the data subject, or to object to the processing thereof;
11. f) The right to lodge a complaint with a supervisory authority;
12. h) The existence of automated decision-making, including profiling, and, at least in such cases, meaningful information about the logic involved, as well as the significance and consequences of such processing for the data subject.

12.2 Right under Article 17 of EU Regulation 2016/679 – Right to erasure (“right to be forgotten”)
The data subject has the right to obtain from the data controller the erasure of personal data concerning them without undue delay, and the data controller must erase personal data without undue delay if one of the following reasons applies:
a) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) The data subject withdraws consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a), and there is no other legal ground for the processing;
c) The data subject objects to processing under Article 21(1) and there are no overriding legitimate grounds for the processing, or objects to processing under Article 21(2);
d) The personal data have been unlawfully processed;
e) The personal data must be erased for compliance with a legal obligation under Union or Member State law to which the data controller is subject;
f) The personal data were collected in relation to the offer of information society services referred to in Article 8(1) of EU Regulation 2016/679.
12.3 Right under Article 18 of EU Regulation 2016/679 – Right to restriction of processing
The data subject has the right to obtain from the data controller restriction of processing where one of the following applies:
a) The data subject contests the accuracy of the personal data, for a period enabling the data controller to verify the accuracy of the personal data;
b) The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use;
c) Although the data controller no longer needs the personal data for the purposes of the processing, the personal data are required by the data subject for the establishment, exercise, or defense of legal claims;
d) The data subject has objected to processing pursuant to Article 21(1) and pending verification of whether the legitimate grounds of the data controller override those of the data subject.
12.4 Right under Article 20 – Right to data portability
The data subject has the right to receive their personal data, which they have provided to a data controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another data controller without hindrance.

1. Withdrawal of consent to processing
2. The data subject has the right to withdraw consent to the processing of their personal data by sending a registered letter with acknowledgment of receipt to the following address: Aries – Società consortile a r.l. della Camera di Commercio Venezia Giulia, Piazza della Borsa 14, 34121 Trieste, accompanied by a copy of their identity document, with the following text: "Withdrawal of consent to the processing of all my personal data." Upon completion of this operation, the personal data will be removed from the archives, except as otherwise required by law, as quickly as possible.
3. If you wish to have more information on the processing of your personal data, or exercise the rights outlined above, you can send a registered letter with acknowledgment of receipt to the following address: Aries – Società consortile a r.l. della Camera di Commercio Venezia Giulia, Piazza della Borsa 14, 34121 Trieste.
4. Before providing or modifying any information, we may need to verify your identity and ask you some questions.
5. A response will be provided as soon as possible.